Knowledgebase: Security
Security Alert : New Malware in SSL 3.0 (Poodle) [INFO]
Posted by on 12 December 2014 12:27 PM
 
 
Posted by Haruto C. on 17 October 2014 10:35 AM
 
ATTENTION:  All customers using SSL Certificate version 3.0
 
 
Dear valued customers,
We have received the latest update from our security team about the new malware detected by Google Cyber Team which impacts SSL version 3.0.
 
This vulnerability, a.k.a. POODLE (Padding Oracle on Downgraded Legacy Encryption) (CVE-2014-3566), was announced last week in the SSL (Secure Sockets Layer) 3.0 protocol. It can be exploited in a man-in-the-middle attack, allowing the attacker to decrypt ciphertext using a padding oracle side-channel attack. More information is available here:
http://googleonlinesecurity.blogspot.ca/2014/10/this-poodle-bites-exploiting-ssl-30.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
 
IMPACT
This vulnerability allows the plaintext of secure connections to be calculated by a network attacker who is able to intercept and manipulate the connections between two SSL 3.0 hosts. You can find more detailed information in the vulnerability report on Google’s Security Blog or under CVE-2014-3566.
 
At this moment, we have been advised by our security team to disable SSL 3.0 usage until the respective vendors release a patch.
We will keep you posted if any further updates regarding "Poodle" emerge.
 
Thank you.
 
Regards;
Haruto C.
Customer Service Help Desk
-------------------------------
247 LiveSupport Department
http://247livesupport.biz -
* Thank you for using 247LiveSupport System *

SUPPORT ESCALATION PROCEDURE
We stand behind our products and services. If there are serious problems that are impacting your business and you are not getting help through regular channels, you can contact our CEO, Terence C. directly at ceo@247livesupport.biz.
 
 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
Updated on 17th Oct 2014; 10.30am (GMT +800)
 
Dear valued customers,
We have received the latest update from the Parallels team that their control panel is affected too.
Thank you.
 
Regards;
Haruto C.
 
 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
 
Updated on 17th Oct 2014; 10.30am (GMT +800)
 
Another alert from Mozilla Security Team.
Check out their full report HERE.
Thank you.
 
Regards;
Haruto C.
 
 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
 
Updated on 19th Oct 2014; 3.00pm (GMT +800)
 
ALERT from US CERT (Computer Emergency Response Team).
Original release date: October 17, 2014
 
Systems Affected
 
All systems and applications utilizing the Secure Socket Layer (SSL) 3.0 with cipher-block chaining (CBC) mode ciphers may be vulnerable. However, the POODLE (Padding Oracle On Downgraded Legacy Encryption) attack demonstrates this vulnerability using web browsers and web servers, which is one of the most likely exploitation scenarios.
 
 
Overview
 
US-CERT is aware of a design vulnerability found in the way SSL 3.0 handles block cipher mode padding. The POODLE attack demonstrates how an attacker can exploit this vulnerability to decrypt and extract information from inside an encrypted transaction.
 

Description
 
The SSL 3.0 vulnerability stems from the way blocks of data are encrypted under a specific type of encryption algorithm within the SSL protocol. The POODLE attack takes advantage of the protocol version negotiation feature built into SSL/TLS to force the use of SSL 3.0 and then leverages this new vulnerability to decrypt select content within the SSL session. The decryption is done byte by byte and will generate a large number of connections between the client and server.
 
 
While SSL 3.0 is an old encryption standard and has generally been replaced by Transport Layer Security (TLS) (which is not vulnerable in this way), most SSL/TLS implementations remain backwards compatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience. Even if a client and server both support a version of TLS, the SSL/TLS protocol suite allows for protocol version negotiation (being referred to as the “downgrade dance” in other reporting). The POODLE attack leverages the fact that when a secure connection attempt fails, servers will fall back to older protocols such as SSL 3.0. An attacker who can trigger a connection failure can then force the use of SSL 3.0 and attempt the new attack.
 
 
Two other conditions must be met to successfully execute the POODLE attack: 1) the attacker must be able to control portions of the client side of the SSL connection (varying the length of the input) and 2) the attacker must have visibility of the resulting ciphertext. The most common way to achieve these conditions would be to act as Man-in-the-Middle (MITM), requiring a whole separate form of attack to establish that level of access.
 
These conditions make successful exploitation somewhat difficult. Environments that are already at above-average risk for MITM attacks (such as public WiFi) remove some of those challenges.
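The padding handling that the Description refers to, shown as an added example (it is not part of the US-CERT alert or of this notice): SSL 3.0 checks only the final padding-length byte, while TLS requires every padding byte to equal that length, so a TLS receiver notices altered padding. The function names, the 8-byte block size and the sample record body are assumptions made for the illustration.

```python
BLOCK = 8  # assumed block size in bytes (3DES-sized); AES would use 16


def ssl3_padding_ok(plain: bytes) -> bool:
    """SSL 3.0 rule: only the last byte (padding length) is checked."""
    if not plain or len(plain) % BLOCK:
        return False
    pad_len = plain[-1]
    # Padding must be shorter than one block; its content is unspecified.
    return pad_len < BLOCK and pad_len + 1 <= len(plain)


def tls_padding_ok(plain: bytes) -> bool:
    """TLS 1.0+ rule: every padding byte must equal the padding length."""
    if not plain or len(plain) % BLOCK:
        return False
    pad_len = plain[-1]
    if pad_len + 1 > len(plain):
        return False
    return plain[-(pad_len + 1):] == bytes([pad_len]) * (pad_len + 1)


def count_accepted(check, body: bytes, pad_len: int = BLOCK - 1) -> int:
    """Set one padding byte to each of 256 values; count accepted records."""
    accepted = 0
    for value in range(256):
        padding = bytearray([pad_len]) * pad_len
        padding[0] = value                      # disturb one padding byte
        record = body + bytes(padding) + bytes([pad_len])
        accepted += check(record)
    return accepted


# Constructed sample: 16 bytes standing in for decrypted data plus MAC.
SAMPLE_BODY = bytes(range(16))

if __name__ == "__main__":
    print("SSL 3.0 accepts", count_accepted(ssl3_padding_ok, SAMPLE_BODY), "of 256")
    print("TLS accepts    ", count_accepted(tls_padding_ok, SAMPLE_BODY), "of 256")
```

Because the SSL 3.0 rule accepts every variant, the protocol itself cannot be patched to detect the change, which is why the Solution below is to disable SSL 3.0 rather than fix it.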
 
 
Impact
 
The POODLE attack can be used against any system or application that supports SSL 3.0 with CBC mode ciphers. This affects most current browsers and websites, but also includes any software that either references a vulnerable SSL/TLS library (e.g. OpenSSL) or implements the SSL/TLS protocol suite itself. By exploiting this vulnerability in a likely web-based scenario, an attacker can gain access to sensitive data passed within the encrypted web session, such as passwords, cookies and other authentication tokens that can then be used to gain more complete access to a website (impersonating that user, accessing database content, etc.).
 
 
Solution
 
There is currently no fix for the vulnerability in SSL 3.0 itself, as the issue is fundamental to the protocol; however, disabling SSL 3.0 support in system/application configurations is the most viable solution currently available.
 
Some of the same researchers that discovered the vulnerability also developed a fix for one of the prerequisite conditions; TLS_FALLBACK_SCSV is a protocol extension that prevents MITM attackers from being able to force a protocol downgrade. OpenSSL has added support for TLS_FALLBACK_SCSV to their latest versions and recommends the following upgrades:
 
  • OpenSSL 1.0.1 users should upgrade to 1.0.1j.
  • OpenSSL 1.0.0 users should upgrade to 1.0.0o.
  • OpenSSL 0.9.8 users should upgrade to 0.9.8zc.
 
Both clients and servers need to support TLS_FALLBACK_SCSV to prevent downgrade attacks.
 
Other SSL 3.0 implementations are most likely also affected by POODLE. Contact your vendor for details. Additional vendor information may be available in the National Vulnerability Database (NVD) entry for CVE-2014-3566.
 
 
 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
 
Updated on 19th Oct 2014; 3.00pm (GMT +800)
ALERT from .ORG Domain Name Registry (PIR - Public Interest Registry)

A vulnerability called POODLE (Padding Oracle on Downgraded Legacy Encryption) (CVE-2014-3566) was announced this week in the SSL (Secure Sockets Layer) 3.0 protocol. This vulnerability can be exploited to allow a man-in-the-middle attack allowing the attacker to decrypt ciphertext using a padding oracle side-channel attack.
 
 
*** Impact ***
Public Interest Registry and Afilias’ Security Incident Response Team has initiated our critical vulnerability response process to address this in our infrastructure. Our analysis determined that this bug does affect the core registry infrastructure for our TLDs as registrars are allowed to connect using SSL 3.0 protocol. We are not aware of any exploits in our infrastructure.
 
*** Mitigation ***
We will be disabling the SSL 3.0 protocol on our infrastructure to mitigate the risk posed by the vulnerability. SSL 3.0 protocol will be disabled on the Web Admin Tool in OT&E and Production environments on Oct 17, 2014 at 20:00 UTC. Please be aware that disabling of the SSL 3.0 protocol may impact EPP clients that use this protocol. This exploit, while serious, is very hard for attackers to execute.
 
In order to give you time to examine and update your client systems, the OT&E and IP restricted Production EPP servers will be updated on Wednesday Oct 29 at 15:00 UTC. Registrars must use TLS 1.0 protocol or greater to be able to connect without issues. Registrars using only SSL 3.0 protocol will experience EPP connectivity issues until they upgrade to at least TLS 1.0 protocol. This will require registrars to use a client supporting TLS 1.0 or browsers such as IE 7, Firefox 1.0, Chrome 1.0, Safari 1.0, or higher versions of any aforementioned option. Not doing so will result in loss of access to the registry.
 

We advise you to initiate a review of your own infrastructure to explore any systems that may be vulnerable to this bug and patch them as soon as possible.


Copyright © 1998 - 2018 Shinjiru International Inc. All Rights Reserved.